Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



(m) Publication number : 0 647 925 A2 



(g) Application number : 94307376.7 
(g) Date of filing : 07.10.94 . 

(30) Priority : 08.10.93 US 133398 

(43) Date of publication of application : 
12.04.95 Bulletin 95/15 

(84) Designated Contracting States : 
CH DE FR GB LI 



@ Applicant : PITNEY BOWES, INC. 
World Headquarters 
One Elmcroft 

Stamford Connecticut 06926-0700 (US) 



EUROPEAN PATENT APPLICATION 

© mt. ci. 8 : G07B 17/04 



< 



@ Inventor : Pintsov, Leon A. 
365 Mountain Road 
W. Hartford, Connecticut 06107 (US) 
Inventor : Connell, Richard A. 
24 Lower Salem Road 
South Salem, New York, 10590 (US) 
Inventor : Sansone, Ronald P. 
4 Trails End Road 
Weston, Connecticut 06883 (US) 
Inventor : Schmidt, Alfred C. 
201 Branch Brook Road 
Wilton, Connecticut 06897 (US) 

(74) Representative : Cook, Anthony John et al 
D. YOUNG & CO. 
21 New Fetter Lane 
London EC4A 1DA (GB) 



(g) Postal rating system with verifiable integrity. 

(57) A data center provides a rate table to a user. 
The rate table is communicated to the- mailer 
along with a hash code. The hash code is based 
on information from the rating table. The hash 
code provides a unique number based on the 
rating table provided. The algorithm within a 
secure device and to which the rate table is 
loaded regenerates the hash code based on the 
information received from the rate table and 
compares the transmitted hash code with the 
generated hash code. A comparison is made of 
the received hash code and the generated hash 
code to verify that the rate table data has not 
been intentionally or unintentionally corrupted. 
The transmitted hash code may be encrypted by 
the data center and when received decrypted by 
the mailer. The encryption decryption process 
establishes authenticity of the data center if 
desired. 

The generation of a hash code based on tne 
stored rate table and a comparison with a 
stored hash code previously transmitted can be 
initiated prior to postage printing and used to 
insure proper rating. Printing is enabled only 
after the rating process has been properly im- 
plemented. The hash code and rating infor- 
mation may be printed on the mail piece such 
that a verifying party can reconstruct the rating 
process and determine if rating inaccuracy oc- 
curred. Various rating inaccuracy for a particu- 
lar user can be stored by the verifying party to 
detect a recurrence of rating errors. Rating 
profiles for particular users or group of users 
may be stored to enable generation of user 
profiles. 
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The present invention pertains to rating of mail for postal systems, for example to a postal rating system 
havmg venfiable integrity determinable from the information printed on a mail piece * 
mai| ^ US P °f t3 L f rvices and <> rivate carrier s ^vices throughout the world have developed rate tables for 

TTj^T' taNeS SP6Cify fate f ° r 3ny giVSn mail P iece (hereinafter intended to inc ude 

parcels and other mailable items as well). 

Static Z17 rr ,Ve ^ t SSired C ' aSS ° f SerViC6 ' SUCh 38 f ifSt Class or third class "«« the United 
T^TrL Tr^ T \T, ' SiZe ° f mail ' the diStanCe 0f which the mail is * ^ sent, the level of 
shahno f2h /T S mVOlVin9 deMVery thS n6Xtday ' and/ ° ra disCOunt associated with a leve. of work 
. and nat!. p P °r SerVICe 6aCh PriV3te Carri6r S6rvice USually es,ablish their °™ for maM 

oostal S h S ? rV,Ce 33 US6d hereln iS intend6d ,0 aPP ' y equa,ly to mean both governmental or ole 

eoual v to Z TV SerViC6S - P ° Stal Valu « as used herein is «•««,*»<■ * apdy 

other values 9° ver ^ental or other postal values and also private earner service delivery charge and 

To facilitate a mailer applying proper postage or other charges (such as, for example, insurance or certified 
dehvery or return rece.pt, etc.) to a mail piece or to a tape to be adhered to a mail piece, various devices have 
or^eZ^f 3 ^ 33 SCa ' eS indUde rate tabi6S t0 Pr ° Vide 3 ViSUal indication to the user of the appro 
Z lvZ I ^" PI6Ce t0 56 deP ° Sited With the pOStal service " ln some Prices, these weigh- 

ed "dud« II S' 68 /° r aUt ° matiC SSttin9 ° f the P ° Stage meter ^eels -herein L 
I ™- rl h r f 30 electron,c P ° Stage met6r 3nd COnveys settin 9 '"formation. This now enables 
PARAroM 9 P ° Sta f 3nd processin 9 of t^ mail. One example of such a system is the Pitney Bowes 

2° "! a ' l,ng System wherein mail is weighed and the postage meter print wheels automatically set for 
Son , t^?? P ° Stage ° n 3 maM Piece " Another svstern such as that disclosed in U.S. Patent No 
4,855,920 for POSTAGE ACCOUNTING DEVICE provides a secure accounting unit with a memory inc Ling 
I a Q ? Sff ° f P ° Stage ratSS f0r different classes of maiL Yet a nother system is disclosed in U S Patent No 

on^tinf m V° h r FRA T' N h MAC , HINE Wh6rein r8te t3b,eS St ° red 3 m6ter and are employed to s the 
printing mechanism to a desired amount. 

H„o '^f re ^° gn j zed th . at a mail P iece mav be imprinted with an improper postage amount. This can be 
TJ ^ 7^ faCt ° rS SUCh 33 thS UtiliZati0n 0f a wron 9 rat e table, the utilization of an obsolete 
rate table, or the input of inaccurate data for the rating process. One example would be the input of an incorrect 
size of the mail piece (where the size of the mail piece is a rating factor). 

Summary of the Preferred Embodiments of the Invention 

It has been discovered that a rating system can be provided which allows verification of the integrity of 
trie rating process. 

It has further been discovered that it is possible to allow verification in a manner which determines that 
an appropnate rate table has been employed and to identify the reason for improper rating of the mail 

The embodiments facilitate the entry of rate tables (or their equivalent) into a postage evidencing system 
such as a postage meter, so as to increase the security of mail rating and provide assistance in determining 
that a mail p.ece was securely rated and that the right rate table was used in the rating process 

In accordance with the embodiments a data center (which may be run by a third party or by the postal 
service) provides a rate table to a user. The rate table is publicly available data as to how mail should be rated 
for vanous different rating parameters. The rate table is communicated to the mailer along with a code The 
code .s based on information from the rate table. The code provides a unique number based on the rating table 
provided The algorithm within a secure device into which the rate table is loaded regenerates the code based 
on the information from the received rate table and compares the transmitted code with the generated code 
The companson results in an appropriate match if the rate table is authentic and if the source of the rate table 
is the appropriate sending authority. This both authenticates the source of the rate table and the integrity of 
the data received. 3 1 

In accordance with a feature of the embodiments printing by the postage evidencing device, such as a 
postage meter, is not enabled until the integrity of the data stored within the postage evidencing device memory 
for the rate table is verified as being correct. This is done by recomputing the code for the rate table and com- 
paring the code for the rate table with a stored code received from the data center when the table was originally 
transmitted which has been stored in a non-volatile memory. If the two codes are the same, printing is autho- 

In accordance with still a further feature of the embodiments the code (which may be a "hash" code) is 
pnnted along with the rating parameters on the mail piece such that a verifying party can reconstruct the rating 
process and determine if rating inaccuracy occurred and/or if the rate table employed in rating is valid for the 
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date of the postage imprint. The code may be printed in encrypted form on the mail piece and the encrypted 
code may be printed along with other encrypted information on the mail piece. Alternatively the hash code may 
be combined with other information such as the postal value and postage evidencing device ident.f .cation and 
the combined result then encrypted and printed on the mail piece. 

In accordance with yet another feature of the embodiments the rating inaccuracies for a particular user 
can be stored by the verifying party to detect a recurrence of rating errors and to automatically initiate appro- 
priate corrective and/or other actions should, for any given mailer or group of mailers, rating errors of particular 
categories exceed certain threshold levels. 

In accordance with still another feature of the embodiments the rating profile for a particular user or a group 
of users is stored by the verifying party to enable the generation of a profile of a mailer or a group of mailers 
to provide business data for marketing to such mailer further postal services and/or informational reports based 
upon verified mailing patterns, such as rate, level of service, mail destination, distribution and the like. 

Preferred embodiments of the present invention will now be described with reference to the following fig- 
ures wherein like reference numerals designate similar elements in the various views and in which: 

FIGURE 1 is a mailing system employing a secure rating module allowing verifiable rating integrity; 

FIGURE 2 is a flow chart of the activities of the data center involved with transmitting to a secure rating 

module a rate table in accordance with the present invention; 

FIGURE 3 are the activities at the postal evidencing device involved with processing a recetved rate tab e 
and the process by which verification of the integrity of the rate table data and the authenticity of the data 
center is established in the postage evidencing device; 

FIGURE 4 is a flow chart within the postage evidencing device for rating a mail piece and printing the ap- 
propriate Postal Revenue Block on the mail piece; 

FIGURE 5 is a flow chart of a sub routine within the Authenticate Rate Table and Rate Computation Algo- 
rithm block of FIGURE 4; and. 

FIGURE 6 is an imprint on a mail piece in accordance with the present invention. 
General Overview 

The postage value (rate) for every mail piece may be encrypted together with other data to generate a 
digital token. A digital token is encrypted information that helps to authenticate the value or other '"formation 
imprinted or to be imprinted on a mail piece. Examples of systems for generating and using digital tokens .a re 
Ascribed in U S Patent No. 4.757,537 for SYSTEM FOR DETECTING UNACCOUNTED FOR PRINTING IN 
A WLUE PRINTING SYSTEM; U.S. Patent No. 4.831 .555 for UNSECURED POSTAGE APPLYING SYSTEM 
an^U S PaTnt No. 4,775,246 for SYSTEM FOR DETECTING UNACCOUNTED FOR PRINTING IN A VALUE 
PRINTING SYSTEM. The entire disclosure of these three patents is hereby incorporated herein by reference. 

As a result of the digital token incorporating encrypted postage value, altering of the printed postage value 
in a postal value revenue block is detectable by a standard verification procedure. Thus, to underpay postage 
an attempt may be made to interfere with the rating process (as opposed to the resulting pnnted postage value). 

Rating with verifiable integrity in accordance with the system described herein helps to: ) provide diag- 
nostics to the party conducting verification to enable detection of inadvertent misrating of ma.lp.eces; and 2) 
provide evidence to the party conducting verif ication of deliberate underrating of mail pieces 

Rating input parameters may be entered into a system manually or automat.ca.ly or partially manually and 
partially automatically. For example, sensory data such as weight, size of mail pieces and presence of a bar- 
code can be automatically entered while desired level of service or mail class can be keyed ,n manually or 
, entered by default from a file. Alternatively all rating parameters can be entered into the system rn.nu.By. The 
process of computing the postal value (or rate) is based on calculations involving inpu rating P-^"™ 1 
a rate table. The process of mail rating, however, can produce incorrect results. The following are such exam- 

Pl6S A) Entered incorrect rating parameter or parameters (e.g. wrong entered weight or size). 
a B) The rate table is obsolete or the wrong rate table. 

C) The rate table is incorrect because it has been deliberately altered. 

D Entered input rating parameter or parameters are incorrect and the rate table is obsolete o, -incorrect 
E) Entered input rating parameter or parameters are incorrect and the rate table has been deliberately al- 

Tshould, of course, be recognized that the above examples can be combined to produce additional ex- 
amoles such as A and B or A and C or B and C or A and B and C. 

P The case of inadvertent misrating can occur due to incorrectly entered data, or obsolete or mcorrect ra e 
table or both. In the above examples, the case of inadvertent misrating is equivalent to examples A. B or D. In 



BNSDOC1D: <EP_0647925A2_U» 



EP0S47 925 A2 



'^e'lZ'T! 0,^a ' inSl .: P • J, P«™»™»"d 'ate tab,* identification in the postal revenue block (or 
me aeiiDerate entering of incorrect rating parameters is also facilitated 

we* known technics S uch as a non-volatile memory (NVM) within a secure pos agTevidencino devi ce ho s 
process .s too expensrve. especially for large rate tables or where regular updates of NVM J, aTe^ manner 

■ ~ e g 0 ^cr COSS inSUreS " °' - — cTnte^r ^e' 

Another way to provide verifiable integrity of the mail rating process is to compute the hash value of the 
entire rate table or its specified portion) upon each access to the rate table. Immediately a^te^ ^th s hash va e 
has been computed ,t ,s sent to a private (secure), non-voiatile memory. This private memory can be accessed 

va ue oVth"^ ° { ? f e POSta9e 8VidenCin9 d6ViCe - TWS encr ^ tion modu^nTy?. ~S 

thl Llh V US6d f ° r rat,n9, t0gether with other inf O"nation, into digital tokens in other words 

roduc t h ; e U na:i e d S !Z£l7 TTf P °*' *** UBad * "» di S ita ' t0ken '-nsf" o 
produce the encrypted .nformation to be printed on a mail piece. The overall operation provides a diaital ™ 
nature of the rate table actual.y used by employing techniques known in modern cryptology 'see for tamofe 

T t P °Z y yP ? IO , 9y • SCi6nCe ° f lnf0rmati ° n lntS9rit ^ ed - G - Si — • 'KE Preis 1992) 
Yet another way to detect deliberate alteration of the rate table is to use a function such as a hash function 
parametenzed by a secret key. .n this case, just as in the previously described case the hash vle o he 
entire r ate table or a sujtable portion thereQf) |$ CQmputed ^ ^ ^ 6 ha f ^ * * 

n this case is a function of a secret key and thus can not be computed without knowledge of this key When 

te e^ntific'aZT ' Tl "T™** ^ " " Can be Printed in the Posta^evenue btock as 
rate table identifcat.on. Typically, two decimal digits would be sufficient (since it gives a potential adversary 
only 1 chance out of 100 to guess the right value of the rate table identification J These ZTc^Zs 

Z I" H° mP ete,y h r r d ° m 10 ° bSerVer With ° Ut kn ° W,edae 0f the secret ■«*• ^ese two d^ or 
any larger number of such drg.ts) may be termed the rate table digital token. )t may be a part of the digital token 
previously described. The hash function parameterized by a secret key can be computed as ^Message Au 
thent,cat,on Code (MAC) which is widely used in the financial services industry. 9 

Detailed Description of the Preferred Embodiments 

servfcf^r ^ "S" l ° RGURE 1 ' Ad3ta C6nter 112 COntainS various rate tabjes P«Wi-hed by a postal 
deoendino on Th Camer ^ ^ Ch ^ eS ° r postal fees for various of services 

United State PostaTsT ^TfT * ^ or exarn P'®. a rate table may exist for the 

Un ted States Postal Service first class ma.l, providing rates for first class mail, depending upon the different 

aTpar tof^atno ^ 'T*' T*' COPtraSt ' ^ 3 pare " ™> M < h » Z^TJnllot 
rat Z£« * 9 Paramet ! rS 10 determine the appropriate fee or payment for delivery of such parcel. These 

means ^ 

dZ£ t T 9 eV,denCmg dev,ce shown 9 eneral| y at114. The postage evidencing device may be a tra- 
ditional electronic postage meter such as disclosed in U.S. Patent No. 4,675,841 for MICROCOMPUTEmZED 
ELECTRONIC POSTAGE METER SYSTEM; U.S. Patent No. 4,301 ,507 for ELECTOO.Sc POSTAGE METER 
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HAVING PLURAL COMPUTING SYSTEMS; other types of metering system for evidencing, ^^te^ such as^ 
for example, as disclosed in U.S. Patent No. 4,757.537 for SYSTEM FOR DETECTING UNACCOUNTED FOR 
PR nTnG IN A VALUE PRINTING SYSTEM; or U.S. Patent No. 4,934.846 for FRANKING SYSTEM. The , poj- 
age evidencing device (which may be a persona, computer type metering system, however ) should preferably 
have Te ability to print variable information on a mail piece to provide the requisite informal for venf .cat.on 
bv a verifying authority as will be hereinafter explained. 
y The postage evidencing device 114 includes a rating module 116. The rating modue stores rate tables 
which are communicated to the the postage evidencing device from the data center 112 The ratm I module 
Tie is operatives connected to a control module 118 which would include a centra. P^» n «7^ v -~™ 
other suitable electronic components and program control devices such as programmable read only memones 
(P WD Ms) random access memories (RAMs) and non-volatile memories (NVMs) for stonng vanous postal and 
accounting data Many system architectures are suitable for the present invent.on. For example, the accountmg 
circuitTand NVM(s) can be part of the rating module within the secure housing 1 1 6a (tamper resistant dev.ce 
S) o^wZa separate secure housing. The housing 114a may be a secure housing, ord.stnbuted proc- 

114 ThfdatTmay include, for example, the weight, size, class of service and other data conearmng the man 
^rZrTeZuotZ ra ing and mail finishing processes. Examples of the types of data that can be entered 
bv a user nldel maM dass weight, dimension (length, width, or thickness or all of them), des.red serv.ce 
"eve. wo * *a« TZ (for the UnL States Posta. Service these may include indication of due presence o 
certain bar code ZIP code, or ZIP + 4 code, ZONE code or presort level, etc.). Yet another type of data that 
S be entered could be, for example, a graphics code for the graphics to be printed. It shouM ^reco^ 
'hat any other factors that are deemed to be relevant by a particular postal serv.ce earner ,n he rating process 
may be enterab.e by the user through the data entry module 120. The entry can be manual or automatic^ the 
data may be rom a computer system associated with creating or tracking the mail p.eces or ,t may be scanned 
or measured from "he mail piece itself. A printer 122 such as a thermal printer or ink jet pnnter or p,n pnnter 

(which can be called a vector) into a set of rational numbers which represents the postal rates. Th.s can be 
^wed as map^g f from a set of input vectors { l} into a set of numbers R which represents the postal urates 
As^n example the input vector (that can consist of such components as; a 

zone three, and c) a size indicator) can be mapped into a umque and speaf.c rate, for example 43 cents As 
each of the vector components change, the rate changes. If the size indicator is eliminated and the mart p.ece 
It no X example, oversized, the rate, for example, could diminish to a ^^^^ 

• k- =» nn* n „nre letter with no zone category and no oversize category and no presort or other workshanng 

• hXX™ 

ortherate table determine the rate. As vectors change the «^^^ u P wd ^ de r d J^^^^ 
rate table involved. These parameters for rating vary from postal service to postal serv.ee and earner ^ garner 
The rat no pa ameters can be any number of parameters depending applicable rat.ng cnter.a These atmg 
o larameters w U tead ultimately to a single price that is to be paid as determined by the appropnate rate table. 
Thus in ^ "vec ors » can b e u ilized Jhe rate table input to map onto the rate table in the postage ev.dencmg 
levice or system rating module to establish the actual postage to be imprinted on the ma. p.ece. .t should be 
.SS^rnSiniJ that the establishing of the posta. va.ue to be imprinted on a ma.l p.ece may require 
I uuiizatL of more than one rate table. For examp.e. a rate table may exist for dehvery charges, and a seo- 

into a set of numbers R which represent postal rates is as follows: An input vector » an ordered set of numenca. 
parameters: 

I = (a, a 2 a„) 

50 where 

a, is the weight of the mail piece, 
a 2 is the length of the mail piece, 
a 3 is the width of the mail piece, 

mail etc.) 

a 6 is a postal code of the origination address 
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a 7 is a postal code of the destination address 
Aaatn" L7Jl*[ ^ZT, parameters includin 9 the level of worksharing (presort, prebarcoding etc ) 
anySf^ 

Ihirh !ic ^ calculafon algorithm have unique identifiers. The identifiers can be in the for ^ a code 

Pvi JnJnnn * rat ' n9 Ca " be accom P |ished in «"» following manner. First, the operator of the postaae 
r ^oftL^r' 6 (6 ; 9 - h P ° Stage -"Worshipping or weighing system) enters the input parameter . = (a a 2 

tto rZn IhI W0 ? 0t ' 3SS t6St ° f consistenc y in the United States.) Then, the supervisory "ut ine o 
the rat.ng module mvokes the rating algorithm and the rate table. This is done using one of the teSa3JeH 

1!h h f , Contemporary Cryptology. ed. G. Simmons, IEEE Press 1992). After the rate R is cal- 

culated the followmg data elements are passed to the postal rating revenue block tOiJLtU^a^^l^ 
md,c,a or ,mpr,nt is defined as a printed image that is to be used for evidencing posTage payment) TNs can 
include rates (,n the appropriate units of currency), identification of the rate table LntifcaZ of L n e ca. 
h^^ 

cording of ma Ice f 7 f " P ' 6Ce " * ^ verification - ° ne verification approach involving video re- 
„? °1 f P l , 3ter pracess,n 9 is disclosed in U.S. Patent Application of Robert A Corderv and 

T i VERIFICATION (equivalent to European Patent Application No. 94304236 6) 

for eZZTulrr" b l° Ck , ( ; ndiCia) f ° rmattin 9 module combi <^ these data elements with others (such as 
slwoZs asfor ' | dent,f,Cat,0n ' d3te/time stam P' P° stal of origination and destination, and pot 

s,bly others as for example suggested in the above-identified three U.S. patents which have been incorporated 
TEM J£ rr r 3lS0 " U PatentN °- 4 ' 853 - 961 forR ^IABLE DOCUMENTAUTHEN™£^£ 

The authentication channel for rate table communications between the data center 112 and the oostao* 
aTp'contem ^ " V" T * ^ channel is we,, known in the art see' fo ex 

r n !l Cr " toi °9y ed fa y G- Simmons, IEEE Press, 1992). The authentication channel invo ves 

two communing part.es who would like to authenticate each other before exchanging any senstive m es 
sages. The parties can be a data center and a postage evidencing device. 
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The data center would operate to send a rate table to a postage evidencing device via a communications 
channel (phone line or other transmission). The secret information (for example, a secret key in a case of a 
secret key based protocol) is stored both at the data center and in the postage evidencing device. Alternatively, 
in a public key system one of the parties (for example, the data center ) knows a secret key and the other 
party (here the postage evidencing device) knows a matching public key. The protoco. for mutual authent.ca- 
tion equires that the data center first sends information in plain text and then the same inform, .on encrypted 
with its secret key. The postage evidencing device upon receipt of both messages d ^«^ 
message with its secret (or public)key and compares it with its plain text version. If a match ,s made, the data 
Tder is authenticated, since on,y the sender knew the secret key. Similarly. "^—^J 
can send two messages, plain text and encrypted message to authenticate itself to the data center if needed. 
In mailinq applications this may not be needed. 

A eTsuch authentication, if it is desired, the data center 112 transmits a rate ^™ dlo '^™L 
qorithm This transmission, however, requires a data integrity. That is. that the rate table and/or calculation 
algonL^ ould arrive unmodified. Assurance is needed t^^^ 

exactly as it was sent and that it has not been corrupted, intentional or unintentionally. In order to accomp sh 
this I Z data center 112 first generates a hash value (message digest) of al. or some specif Portjon of the 
data contained in the rate table and/or of the calculation algorithm to be sent. The rate table and/or calculation 
algorithm an then be sent as an ASCI, or other type of f ile. The hash function a PP .ied to this data produces 
a 9 hashTalue (message digest) which is indicative of the content of the rate table and/or calcu.ation algonthm 
and et s co e n ( s Tderab?y reduced in data size. As used herein hash function is a well known f-ct,o-h'ch pos- 
sesses at least two properties. It is computationally difficult to (i) recover a message corresponding to a given 
message ^lelt and (ii) to find two different messages which produce the same hash value (message digest). 
SomeTe. nol ha h functions are described in American National Standard X9.30 - 1 993, Public Key Cryp- 
MPtouZ irreversible Algorithms For The Financial Services Industry: Part 2: The Secure Hash Algomhm 
(SH A) U should be noted that there are other publicly available hash ^-tions that can be imp 
he purpose of the present invention . As for example, one formal definition » set forth ,n Contemporary Cryp- 
dogy by G Simmons, IEEE Press 1992 at page 345, and yet another definition is that a hash . func^on us a 
uncL that satisfies the following properties: 1) it is capable of converting a file F or arbitrary ^length nto a 
fixed-length digest h (F); 2) h must be "one way", that is, given an arbitrary value y in the domain of h. i must 
be computationany invisible to find file F such that h (F) = y. and 3, h must be -col s,on_f r.e". hat », ,t must 
be computationally infeasible to construct two different files F, and F 2 such that h (F„) - h (F 2 ). 

Tnce The data (the rate table and/or calcu.ation algorithm) being transmitted to the postage evidencing 
device 1 2 * pubnc y available information, it is not necessary to encrypt the information and prevent unau- 
hoTed decryption since it is not important to protect secrecy of the informatbn itsel . "W^™* Je 
. hash value (message digest) of the rate table and/or the calculation algonthm the data center encrypts the 
Sash va ue message digest with its secret key (for both public and secret key systems) and sends the en- 
cTvote I menage to the postage evidencing device 114. The postage evidencing device 114 receives the en- 
c vp ted rTsh vaTue ("signature ■), and decrypts it with its secret or public key as the case may be. thus obtaining 
e Se t hath va ue (message digest). The postage evidencing device 114 then independently compute. 
, he tor^ue^rnewage digest) of the received rate table and/or calculation algorithm using the same hash 
unct on The hiTh algorithm Jployed may be one in the public domain: however the algorithm resides both 
at tS data center 112 and at the postage evidencing device 114. If the two hash values received from he data 
c nter aTd the hash value computed in the postage evidencing device match each other the integn ; , oi the 
"te Lble received and stored in the postage evidencing device rating module 116. assured. Thus, the integrity 
s cf the stored rate table and/or calculation algonthm is verified. 

Bot s eps authentication of the data center and verifying the integrity of the rate table and or ^ca.cu.at.on 
algorithm received) can be combined. To doso. the data center 112 simply sends *™<™^^Z££ 
evidencing device 114: the rate table and/or calcu.ation algorithm in plain text and the rate table an or ca.cu 
"tion algorithm encrypted with the secret key. Thus, the authenticity of the sender and the verification of the 

al9 °Se^ 

to the po tage evincing device 114 at 214. Thereafter, the data center 112 computes 
» sage digest) of the rate table at 216. The hash value is then encrypted by the data center 112 at 218. The en 
crvDted hash value is transmitted to the postage evidencing device 114 at 220. 

Reference is now made to FIGURE 3. The rate table is received by the postage evidencing dev « * 
322.^hT P ^.^aTncln 8 device 114 also receives the encrypted hash value of the rate table at 324. The 
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postage evidencing device 114 then computes the hash value (message digest) of the received rate table and 

va uT f the: I2^T« ^ ^ 6Videndn9 ^ 114 d ~*» "» -eived enctpfed h a^ 

vaiue or tne rate table at 328. This provides a second hash value at the postage evidencing device 114 

■ devi.™^^^^^ 

aev.ce 114 and the second hash value wh.ch has been obtained by decryption If a match is made at w 
3 1? conditions are appropnate in Ih. postal evidencing device, as for example adeauate 

^,.2,? and °" a ™» »V Printer 122 for detection ata mail piece veriHcatton TacMitv Several 

^ 0 e 'ZZ&ZSZSZ? d Sbte a " d '° r -.ea^ed^ 
- The value of the hash function (or a part thereof) can serve as a unique rate table identification numb w 

This umque deification number can be associated with the validly period of the rate ta 1 in ^ one Tone 
fashion For example, the rating authority (the postal service or other carrier) provides identmcationTo each 
vairdrolrin^"?;? 3 ^ 3 . table r hefe b ° th inf0rmati ° n 38 t0 the rate table i^ntificatior fan ™e£onT g 
thl Irn P f ,M 6d A S,mP,e tablS '° 0k UP all0WS the verif V in 9 facil "y. mailer or third party to recover 
the validity period. This >s useful for the postage payment verification process. In this instance by utmzTna th^ 
umque .denbfication number (as for example a hash value) the verification service car^d^ 
postal or earner rat.ng table utilized and thus can determine whether the rating table used byThe maHer in ca 

STJtr ratS and , thUS P ° Stage V3lUe imprint6d ° n the mail " ece was within the vaXpen^d 

H^J^ SXPreSS,y rec °9" ized tha < » ™* be desirable to encrypt the printed hash function or 

hash ^nctfon H 6 by 3 secret ^ Thus *• Pentad encrypted or parameterized value S the 

a^enr-rl Ih ° "T "* SUbj<3Ct l ° 3ttaCk Can itse,f be verified - ™. technique of Imprint Si 

and eZ^men^STh ' Zed Va ' Ue 00 ^ m3i ' ^ Can b * empl0yed with eacn ° f Various aspects 
and embodiments of the present invention. M 

Enhanced verifiable integrity of the rate computation itself is also provided by the present system There 
are a number of ways that the system can compute rates with verifiable integrity. tZ^r^n^^ 
implementation, there can be different systems requirements, as for example the speed of th^p ocessor and 
the storage capabilities of the RAMs and NVMs. processor and 

One way to achieve this enhancement of the integrity of the mail rating process is to load the rate table 

If the qU ' reS 3 m T t0 USe ° f the ratinQ tab ' e ^calculation algorithm before enabling printing 

1 no f r6Ven " 8 b '° Ck (m6ter indiCia) ' ThiS may be a^omplished, for example, by precluding access to 

Process corr e ?f k t H° rmattin9 S ° ftWare m ° dU,e UntM the ratin9 VeCt0rs ^ve beenemered anS fhe rat ng 

lain aiooZl o T l™"™ WhiCh W ' Mn accom P |ished * to load the rate table and/or calcu 

^r D n ?Z h 9 7 ' tS UniQUe identification into th * non-vo.ati.e memory of the rating module 116 

memorv ^H £ 9 "* ^ ° PerateS SUCh that onl * access «° ™* non-volatile 

memory and the appropriate rating process memory locations therein can trigger printing of the postal revenue 

algorithm ^ ^ * ^ ^ 3CCeSS to "» table and/or calculation 

Another way to provide enhanced (verifiable) integrity of the mail rating process is that, upon entering re- 

po IrToThe'r. t P N a T terS ' P ° Stal 6VidenCin9 d6ViCe 114 inV ° keS 3 COntrol r0utine ^ computes a 
en rv numeric Tab, Z*™ ™" ^ ^ ^ « Ul9 * f0ma ^ the rate table f irst " - multl 

pa ame^s T h fn« I muit,d ' menslona ' ^ "aving a number of dimensions equal to the number of input 
tive 7xT*Jl J- I T ^ a „ COncatenated strin 9 °< numbw or symbols partitioned into sections indica- 
tive of the appropna e location ,n the array. Thenumber of sections is equal to the number of input parameters 

beina?nd ^7 r . rate t3b ' e °^ ^ 1 ' 2 3nd 3 ° unCeS ' two d '^ensiona. indicators (zero 

berng md cation of regular size and one being indicative of oversized mail piece) and two delivery service class- 
es, 0 (dehvery w.th.n three days from the moment of deposit) and 1 (delivery within six days) then the pointer 
forde.ll n TK ber R 2 H 1 ' Th ' S W ° U,d mean that m3il Pi6Ce -i^ting 2ounce,havin 9 regularize and scZ«Z 
sVn ZcTll r dayS T n h eed V° be rated " The P° inter •» oniy one corresponding rate in the table for 

such , ratmg e.g. 43 cents. Th.s rate can be retrieved after a hash value for the entire table or its specified portion 

ceived r Th^ f C ° mPared h3Sh V3lUe (meSSa9e di9eSt) f0r the table or its s P^'^d portion re- 
Th is 1 h T St ° red " non - vo,atile ™™*y of the postage evidencing device. 

This approach reduces the s.ze of the required non-volatile memory needed to store rate table information. If 

8 
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the hash values (message digest) match, verification is established, which means that an uncoupled rate 
table was use d for the rating process. The rate value together with the rate table idenff -cation are retneved 
and sent to a postal revenue block formatting routine for formatting the data for P™*'"* 

The flow chart in FIGURE 4 shows the activities in the postage evidencing device 114 for rating a mail 
piece and printing the appropriate postage payment on the mail piece 124. 

Reference is now made to FIGURE 4. A user enters rating parameters into the postage evidencing donee 
114 at 438 The postage evidencing device 114 verifies the consistency of the mail piece parameters at 440. 
^ verification message is then sent at 442. If consistency has not been established at 443, the mail P-ece ,s 
rejected at 445. If consistency has been established at 443. the rate is computed at 444 

As part of computing the rate, the rate table and rate table calculation (computation) algorithm , are authen- 
ticated at 446 An authentication message is sent at 448. If authentication has not been established at 450 
he rate Lb^ is rejected at 452 and the process is not allowed to proceed. Thus, the rate computation noted 
above w I ot occur. If the authenticity of the rate table has been established at 450. the 
is enabled based on the authenticated rate table and on the verified mail p.ece parameters. The computed 
rate is sent to the postage printing formatting module at 447. 

Terence is no W ma de to Figure 5. The activities within the postage evidencing device 1 1 4 relating to au- 
thenSXft.rTt.bta as shown in Figure 4, block 444 involves a series of steps. 
he vacation message of consistency of the mail piece parameters, a pointer ,s computed to the rate t able 
based or^ th parameters at 544. The hash value (message digest) of the rate table is computed at 546. The 
computed hash 121 (message digest) of the rate table is compared with the hash value (message digest) of 
th Tate ^taSle sto^ The postage evidencing device non-volatile memory at 548. If the hash values do not 
match at 548 t^e process is stopped at 549 and various alternatives can be implemented as previously no ed 
^^^^T^^^ device, allowing the number of lead tries or setting a flag * the 

" -tch at 548. access to the rate table itself is enabled at 550 and the 

rate involved s^STherate I formatted as part of the revenue block enabling the postage ev.dencing 
device to be prepared to print at 552. The postage evidencing device printer 122 » then enabled for pnntmg 
at 554 and printed at 556 The formatting of the postal revenue block will include the hash value (message 
d gest) as we as the rate to enable later identification. All or a part of the information contamed ,n the hash 
vie can be utilized to determine the authenticity, validity, and currency of the rate table. Moreover, th ,e rating 
vectors ^ parameters) are also printed. As previously noted the hash value may be encrypted or ^para- 
metrizedly a secret key. This prevents the use. for example, of improper rating vectors or -te table and the 
deUberate aLring of the hash value or part thereof for the proper rating vectors and proper rate 

Sence is now made to Figure 6 which is a representative mail piece w,th one example of the type of 
information which may be printed on the mail piece 124. It should be recognized that the pnnted information 
TdToZn*Ln L a matter of choice and can be printed at different locations on the envelope pane o 
"pe mo eover he information relative to a mail piece may be stored with a mail piece 
rnrl Tr Lr orocessinq and analysis. The stored data for later analysis can be for a s.ngle ma.ler or a group 
7nlTl£~X«* information concerning mailing patterns and information regarding rating ex- 

idenuficIZ number 61 2,Ttown cirde 614. and a postage amount and suitable indicia des.gn wh.ch may ,„- 

^Sa^^ 
5 the hash value or part thereof (message digest of the rate table and/or calcula tion algor thm 

• sr^ra^—^-- — 

Pre tl^e?. a CX 6 iz°d .haUhe inforn^ion print*, i.3 .oca.io,. ,Ke ,on« used. u. b. code >»p e , 
the IEEE Symposium Foundations of Computer Science. Pages 90-99, 19*1). 
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The following is an example of some of the aspects of the above described systems- 
1992 on^g?^) ^ C0 ^ Or ^ C ^o 9V . ed. G. Simmons. IEEE Press, 

"s appS "°~ Mm '- The ach ""'" , 0,pad<lin9 " ,i,h zeroes ihe M «* <«** - TJ'l'Z 

■» m .-, CO ™ i ? r "' 9 !°"°"" n9 example ' * p ° r,i °" of ,ha currenl ""*■« States Postal Service rate table for letter 
0 MJSo^SS ^33 reP,eSented " = ^ - ~ »"* - -i™:; 

where the f.rst d,gi, 1 is indicative of the weight under 1 oz.. the second digit 6 J LicativTof the alTe e! 
Plained co mt ,,„a„ono,encod,ng. presort and prebarcoding attributes ^^ZTe^Z^ZZ 

6825965425726402962 
The last two digits 62 of the hash value represent the rate table digital token 

in thl rate I ZZ*£?i T d exa " iPle r f° WS ° ne t0 re ' iably detect an * attempt *> ^stitute a correct rate stored 
hp f h , y ValUS - ThUS ' the deMberate alteration of the rate 'able described in example C can 

be detected and a printed evidence of such alteration can be provided to the verificatio7 D rrttT^^ 
reco g n 1Z ed that the other encryption techniques are suitable for use ^topZ^^o^Z 

sZo^iumT p m a t paP6r ^ M - B,Um 61 al ' " CheCking the c °-ectness of Memories", Proceed^gs of 31st 
Symposium on Foundations of Computer Science, October 1990 «w»uings or jist 

authenSf Tn^T* T ^ SyStemS 3 p0Stal service or otner P»rty *° verify 

authenticate and reproduce the rating process from the information imprinted on the mail piece Th s aMows 

^.XdiXr ratin9 Pr0C6SS l ° 6StabliSh the fate W3S aCCUratel V and P- e'imjlem ted 
JZ^T rate tab ' e W3S US6d ' C ° nSiStent mail P iece Parameters or vectors were used as 

pT^. a h^^° U,ati0n al9 , 0rithm ^ US6d - the C0rT6Ct P0Sta ^ v-u. was imprin ed on the ma 
r^inn l l >1 h 2 (messa9e d ' 9est > ve ' ifies tnat correct rate table/calculation algorithm was used fo 

m i Piece Ze^oT*™ K™*^ 38 ^ dM,rad Se ' ViCe ' etc " * ls ° Z^n Z 

Thlh h ac ' k 9 P Ca " be reconstructed - Mor eover, the entire hash value 682596542572640962 

can be oZlT ^"T^ ^ * *"» ^ ,n the di9ital token being 62. This digital token 62 

can be printed on the mail piece for verification purposes 

m ai . T n h ! Pr6Sent SySte ? thUS 8nableS 3n 3Udit f ° r eaCh mail piece - The audit ™y not only determine if the 
mail p.ece was correctly or incorrectly rated but also the reason why the mail piece was incor ec7ra Id ,f 

ol D ' S J T Se ' S SefVeS 33 3n eXCe " ent deteCti ° n a " d thus deterrent — 'anism becaus" a m" ier o 
7co^^^^^ 

uresT^ ? a,90nthm) th,s can be detected - Th * ^rnber and nature of the detected fail- 

ures for the mailer or group of mailers to properly rate the mail pieces may be stored. The postal service can 

Zl" ^ °" 35 * °" *"* ™ 

into l h ^ e n tSy T em rT bemadepartofthemeterrechar 9 in 9 Process whereinadditionalfundsareentered 
iTdenTina d. 9 IT" Th,S '! t0 enat " e ^ COntinUe6 printin9 of P° sta 9e when the funds within the postage 
ZtZa lTen c iT ^ * ^ table 0r rate <•»*•• - ^^lled in the 

tto^undT^^T req H U ' rement ;° 6nab,e r6Char9in9 ° f the P° sta9e evidenci "9 114 with addi- 

^onal funds. The postage evidencing dev,ce thus can only print a limited amount of postage or other value 

dendna n de mP ? P h :; ^ °' ^ ^ ^ ^ 3M iS the amount ° f ^ * Zll e™ 
dencng dev. 3 between rechargmg operations. This limits the risk of a postal service due to ratinq with im 
proper rate tables to the amount of funds currently in the meter system 

The downloading of current rate tables when made a part of the recharging operation and can emolov 

theTund Thai? T"' "? T ^ ^ ^ ^ ^ W0Uld b9 ^ 0 ' ^ info-a ion n que o" 
the funds recharging transaction (or other funds transaction as for example.for current account meters, the 
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tampering. The postage evidencing dev.ce , n« w y computed from the resident 

~= 

loaded into the postage evidencing^ ^^^^ ptocTO o,«.. U Ultolk»- 
compoted during the operation to ,nsu,e the data was "^^^ ™ es Mn De g ,„ erate( i ea ch tima 
of tha data duhng operation of the postage n^,'^™^^* ^ in the postage evi- 

^rrp=,^^^^ 

described herein, i. will M apparent ma. venations and modifiers may be made there.n. 
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APPENDIX A 

A1, W " " ith fc«y X.X234S77777. 

SSS&'JAVi.'SB. : J}{;;j;j;j "ggg. 

A1 • ccci o»oc rets u» (h .„ 

>• 5< m (M1 ^ _ ^ ^ ^ ^ 

x OT J2 . d:m , ai )SJ , sjm ^ 

** " C61J StXB 2A0E COtO (h#x) 

" ■ as; as sss :k: as 

^ - C61S 58E8 2AOE 61CI 

■«ssi!--- : 

-S55, : sjsjj?" aa-ajj 

««LT . S«A 



A postal rating system comprising: 

a postal rating device having non-volatile storage means- 

iS store^~^ 

in said^c^T^"?,'? P ° Sta ' rati " 9 deViC6 * haSh COde Such that said code is stored 
sa,d ratmg dev,ce non-vo.at.le memory, said hash code based on information from said rating table 
means ,n sa.d posta, rating device for generating a hash code based on information from said re- 
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ceived rate table stored in said rating device non-volatile memory; and 

means for comparing the received hash code with the generated hash code. 

2 A postal rating system as defined in claim 1 wherein said transmitted hash code is an "<^*™* 
code Ind tluding means in said rating device for decrypting the encrypted hash code and companng 
the decrypted hash code with the generated hash code. 

3. A postal system as defined in claim 2 wherein the received hash code and the generated hash code are 
each based upon the entire rate table. 

4 A postal system as defined in claim 2 wherein said transmitted hash code and said transmitted rate table 
each includes data as to the time period when the rate table is valid. 

5 A postage evidencing device comprising: 

mpsns for storino a postal rate table in a non-volatile memory; 

means £'S?a hash code based on information from the rate table in said non-volat.le memory, 
means for receiving a request for printing of postage value; 

means for recomputing the hash code from said information from said rate table stored ,n sa.d non- 
"^"mTarS comparing the recomputed hash code based with said hash code stored in said non- 
VO,ati "or comparing said recomputed hash code and said stored hash code. 

PieC6; means for printing said mail piece rating parameters on said mail piece such that a verifying party 
can reconstruct the rating process and determine if rating inaccuracy occurred. 
7 A postage evidencing device as defined in claim 6 further including means for encrypting said hash code 
such thai ^said p rinting means is enabled to print an encrypted hash code on said ma,l p.ece. 

° * S ~stS^ 

a,sop :^f:^o:Sthe ^ ^ * ^ T — ™^ 

means for determining the correctness of said rat.ng for sa.d scanned ma.l p.ece. 

which provides an identification of the rate table. 

tion based solely on said imprinted value. 
12. A mail piece as defined in claim 10 wherein said code is encrypted, 
a 13. A mail piece as define in Claim 11 wherein said function is a hash function. 

14. A mail piece as defined in claim 13 wherein said code is encrypted. 

15. Amail piece as defined in Cairn 13 wherein said code imprinted on said mail piece is related to a hash 
;s value. 

16. A mail piece as defined in claim 1 5 wherein said code is an encrypted hash value. 
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17. A mail piece as defined in Claim 15 wherein the hash value is imprinted in machine readable form. 

18. A mail piece as defined in claim 17 wherein said hash value is imprinted in bar code format. 

, 19- A mail piece as defined in claim 1 8 wherein said bar code format is a bar half bar code format. 

20. A mail piece as defined in claim 19 wherein said value is an encrypted hash value. 

21. A method for postal rating, comprising the steps of: 

w transmitting a postal rate table to a rating device- 

^^1*? 3 C f ° de ' f Sa ' d C ° de b3Sed ° n inf ° rmati0n fr ° m Said rati "9 »-b to: 
generating a code based on informat.on from the received rate table- and 

companng the received code with the generated code. 
s 22. A method as defined in claim 21 wherein said received code and said generated code are hash code 

' ^ e^ette ta S b d e efined " " ^ Said ^ nerated «— are based upon the 

25. A method of printing postage evidence, comprising the steps of- 

storing a postal rate table in a non-volatile memory- 
storing a code based on information from the rate table in said non-volatile memory- 
receiving a request for printing of postage value- memory, 
^ d recomputing thecodefrom said information from said rate tab.e stored insaid non-volatile memory; 
comparing said recomputed code and said stored code. 

26. A method as defined in Cairn 25 wherein said stored code and said recomputed code are each hash codes 

27 A ™^:^^-^ ciaim 25 ™« ^ - «*» * 

processlSn^ 

28. A method as defined in Cairn 27 wherein said code is encrypted and said encrypted code is printed 

30. A method as defined in claim 29 wherein said code is encrypted and said encrypted code is printed. 

31. A system for verifying the accuracy of postal rating, comprising the steps of 
-ers^red^ 

recomputing the rating process to determine the rating accuracy and 
determining the correctness of said rating for said scanned mail piece. 

32. A method as defined in claim 31 wherein said code is a hash code. 

34. A system as defined in claim 31 further including storing a profile of a mailer or group of mailers based 
on scanned data concerning rating activities fora series of mail pieces for said mailer or group of Llrs 

35. A method as defined in claim 23 wherein said transmitted hash code and said transmitted rate table each 
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include data as to the rate table validity time period. 

36. A postal rating system comprising: 

a postal rating device having secure storage means; ....... 

means for transmitting a postal rate table to said postal rating device such that said postal rate table 
is stored in said rating device secure storage means; 

means for transmitting to said postal rating device a hash code such that sa.d hash code is stored 
in said rating device secure storage means, said hash code based on information from said rating table; 

means in said postal rating device for generating a hash code based on informat.on from said re- 
ceived rate table stored in said rating device secure storage means memory; and 

means for comparing the received hash code with the generated hash code. 

37 A postal rating system as defined in claim 36 wherein said transmitted hash code is an encrypted hash 

code and including means in said rating device for decrypting the encrypted hash code and comparing 

the decrypted hash code with the generated hash code. 
38. A postal system as defined in claim 37 wherein the received hash code and the generated hash code are 

each based upon the entire rate table. 
39 A postal system as defined in claim 37 wherein said transmitted hash code and said transmitted rate table 

each includes data as to the time period when the rate table is valid. 

40. A method of printing postage evidence, comprising the steps of: 

storing a postal rate table; 

storing a code based on information from the rate table; 
receiving a request for printing of postage value; 

recomputing the code from said information from said stored rate table; and 
comparing said recomputed code and said stored code. 

41. Amethod as defined in claim40 wherein said stored code and said recomputed code are each hash codes. 

42. A method of printing postage as defined in claim 40 further including the steps of: 

printing said code on a mail piece; and, ,„ iin „ 
printing said mail piece rating parameters on said mail piece to enable reconstructs of the rat.ng 
process from information imprinted on said mail piece. 

43. A method as defined in claim 42 wherein said code is encrypted and said encrypted code is printed. 

44 A method as defined in claim 40 further including printing a postage rate, printing the date of printing the 
postage rate and printing said code on said mail piece, said code containing data as to the time period 
when said rate table is valid. 

45. A method as defined in claim 44 wherein said code is encrypted and said encrypted code is printed. 

46 A method for a mailing system, comprising the steps of: 

46. meth g 0d ^ ratjng g for rechargjng a postage evide ncing device with addifona. postage value to 

be P" n * e * va| . Qf g rate tab|e associated with said postage evidencing device; i and 

enabling recharging of said postage evidencing device if said rate table ,s determmed to be vahd. 

47 A method as defined in claim 46 wherein said steps of determining includes said ^^^j!; 
o vice transmitting to a remote location a hash code value of a rate table currently associated with sa.d post- 

age evidencing device. 

48 A method as defined in claim 46 wherein said steps of determining includes transmitting to said postage 
evidencing device a hash code value of a currently valid rate table. 

5 49. A method for a mailing system, comprising the steps of: 

determining the validity of a rate table associated with a postage e^encmg dev ce ^and 
enabling operation of said postage evidencing device if sa.d rate table is determmed to be valid. 
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50 - £fsr h ir^^ 

52. A method for a mailing system, comprising the steps of- 

determining the validity of mailing data associated with a postage evidencing device- and 
enabl.ng operation of said postage evidencing device if said mailg dar^d J^Tb. valid. 

^ tTeTon Sd mii^ da C ;r * ^ ~" «"» ■"*«" "» a *"* -de value 

" ^~^Z 53 Wh6rein ° 0de V3,Ue iS ~«* ™ «- -ed for 

55. A method as defined in claim 54 wherein said hash code values are stored in a secure memory. 
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FIG. 2 

DATA CENTER ACTIVITIES 



| SEND RATE TABLE TO PEP 



COMPUTE HASH VALUE OR RATE TABLTu ^ 



ENCRYPT HASH VALUE WITH A SECRET KEY U ?1? 



I SEND ENCRYPTED HASH VALUE TO~PED~U ??n 



FIG. 3 

POSTAGE EVIDENCING DEVICE ACTIVITIES 



RECEIVE RATE TABLTL . qoo 



RECEIVE ENCRYPTED HASH 
VALUE OF RATE TABLE —324 



COMPUTE HASH VALUE OR RECEIVED RATE 
TABLE AND OBTAIN FIRST HASH VALUE 



-326 



DECRYPT RECEIVED ENCRYPTED HASH VALUE 
OF RATE TABLE AND OBTAIN SECOND HASH VALUE 







-328 
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FIG. 5 



COMPUTE A POINTER 

TO THE RATE TABLE — 544 



COMPUTE HASH VALUE 

OF THE RATE TABLE — 546 




ACCESS RATE TABLE 
AND OBTAIN RATE 



— 550 



FORMAT POSTAL 
PRINTING BLOCK 



-552 



ENABLE POSTAGE 
PRINTER 



J- — 554 



PRINT POSTAL 
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(g) Postal rating system with verifiable integrity. 

(57) A data center provides a rate table to a user. 
The rate table is communicated to the mailer 
along with a hash code. The hash code is based 
on information from the rating table. The hash 
code provides a unique number based on the 
rating table provided. The algorithm within a 
secure device and to which the rate table is 
loaded regenerates the hash code based on the 
information received from the rate table and 
compares the transmitted hash code with the 
generated hash code. A comparison is made of 
the received hash code and the generated hash 
code to verify that the rate table data has not 
been intentionally or unintentionally corrupted. 
The transmitted hash code may be encrypted by 
the data center and when received decrypted by 
the mailer. The encryption decryption process 
establishes authenticity of the data center if 
desired. j 

The generation of a hash code based on the 
stored rate table and a comparison with a 
stored hash code previously transmitted can be 
initiated prior to postage printing and used to 
insure proper rating. Printing is enabled only 
after the rating process has been properly im- 

2 plemented. The hash code and rating mfor- 
1 mation may be printed on the mail piece such 

that a verifying party can reconstruct the rating 
J{ process and determine if rating inaccuracy oc- 

curred. Various rating inaccuracy for a particu- 
J lar user can be stored by the verifying party to 
X detect a recurrence of rating errors. Rating 

profiles for particular users or group of users 

3 may be stored to enable generation of user 
L profiles. 
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